homic.exe

avdorsis

The executable homic.exe has been detected as malware by 26 anti-virus scanners. While running, it connects to the Internet address dev.ucoz.net on port 80 using the HTTP protocol.
Product:
avdorsis

Version:
1.0.0.0

MD5:
b939c94807145a7eac8940398a35ea9f

SHA-1:
8f7356ae1ab6b99f1078df9941b142f836d2c92b

SHA-256:
b87d528f786df2516ff59ec84720c5aa0cbb39223fd90af2041681efe098e480

Scanner detections:
26 / 68

Status:
Malware

Analysis date:
11/1/2024 3:41:22 AM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKD.3458364
161

AegisLab AV Signature
Troj.Ransom.W32.Blocker!c
2.1.4+

AhnLab V3 Security
Trojan/Win32.Blocker.N2071455009
3.7.5.15

Avira AntiVirus
TR/Blocker.nefa
8.3.3.4

Arcabit
Trojan.Generic.D34C53C
1.0.0.742

avast!
Win32:Malware-gen
2014.9-160826

AVG
MSIL10
2017.0.2639

Bitdefender
Trojan.GenericKD.3458364
1.0.20.1195

Emsisoft Anti-Malware
Trojan.GenericKD.3458364
8.16.08.26.08

ESET NOD32
MSIL/Agent.ALH (variant)
10.13991

Fortinet FortiGate
W32/Blocker.JKQN!tr
8/26/2016

F-Secure
Trojan.GenericKD.3458364
11.2016-26-08_6

G Data
Trojan.GenericKD.3458364
16.8.25

IKARUS anti.virus
Trojan.MSIL.Agent
t3scan.2.1.6.0

K7 AntiVirus
Riskware
13.237.20625

Kaspersky
Trojan-Ransom.Win32.Blocker
14.0.0.-309

McAfee
RDN/Ransom
5600.6295

Microsoft Security Essentials
Trojan:Win32/Dynamer!ac
1.1.13000.0

MicroWorld eScan
Trojan.GenericKD.3458364
17.0.0.717

Panda Antivirus
Trj/GdSda.A
16.08.26.08

Rising Antivirus
Ransom.Blocker!8.12A-8IXQMkKFQND (Cloud)
23.00.65.16824

Sophos
Mal/Generic-S
4.98

Trend Micro House Call
TROJ_GEN.R00JC0DHC16
7.2.239

Trend Micro
TROJ_GEN.R00JC0DHC16
10.465.26

VIPRE Antivirus
Trojan.Win32.Generic
51704

ViRobot
Trojan.Win32.Z.Blocker.94720[h]
2014.3.20.0

File size:
92.5 KB (94,720 bytes)

Product version:
1.0.0.0

Copyright:
avdorsis

Original file name:
avdorsis.exe

File type:
Executable application (Win64 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\webfox\set.{ed7ba470-8e54-465e-825c-99712043e01c}\homic.exe

File PE Metadata
Compilation timestamp:
8/4/2016 2:39:01 AM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
80.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:rqgUvBEo8/jU/T5S73tEFeGdvZA+M0ttttttttttttttttttttttttttKltNWahh:GgUvBEo8/jU/T5S73tEFeGdvOF3lnWaP

Entry address:
0x10BFE

Entry point:
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 80, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00...

Entropy:
5.2999

Code size:
59.5 KB (60,928 bytes)

When executed, the file has been observed making the following network communication in live environments.

TCP (HTTP):
Connects to dev.ucoz.net (195.216.243.123:80)

Remove homic.exe - Powered by Reason Core Security